Re: [PEN-TEST] Recourse Technologies -- info wanted

[Spy Fox <nebula_61 () HOTMAIL COM>]

> From: Ryan Permeh <ryan () EEYE COM>
> Reply-To: Penetration Testers <PEN-TEST () SECURITYFOCUS COM>
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] Recourse Technologies  -- info wanted
> Date: Tue, 3 Oct 2000 10:01:09 -0700
>
> I have some qualms about putting a "target" on my network.  i understand
> that they may facilitate tracking an attacker, but honestly, why not invest
> your money into building a secure architecture in the first place?  A fake
> "insecure" host or network may lead an attacker to find a vulnerable real
> host there.  I understand a honeypot's use in an academic or research
> environment, but as an enterprise appliance, it seems like a pretty poor
> idea

There are a number of advantages to having a honey pot on your system.  For
example, if you can log an intruder's attempts at using a specific
username(s), you have evidence that your list of users has been compromised,
or you may have a user who is sloppy about their own security practices.  By
analyzing the intruder's techniques and efforts, you can gain better insight
into how they are thinking, and perhaps where they are going to strike next
within the rest of your network.

Most hackers, like any thief, are going to be attracted to the easiest
target to break in to.  With a honey pot system, you have the means of
getting and keeping the intruder's attention and giving yourself some extra
time to shore up your defenses.  If they figure out they are in a honey pot,
they most likely will be scared off because they know they are already being
tracked.

Regards -

Todd Eastman
Spy Fox
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.